1 Introduction CS 303 Algorithmic Number Theory and Cryptography Jeremy R. Johnson

KHOOR 2

HELLO 3

4 Introduction to Classical Cryptography Objective: Introduction to Cryptography and Cryptanalysis –Shift Cipher –Substitution Cipher –Attacks and adversaries –Frequency analysis

5 Classical Cryptography Basic problem: Secure communication over an insecure channel Solution: private key encryption –m  E (k,m) = c  D (k,c) = m Shannon provided a rigorous theory of perfect secrecy based on information theory –Adversary has unlimited computational resources, but key must be as long as message

6 Communication Scenario AliceBob Eve EncryptDecrypt Encryption key Decryption key ciphertext plainrtext

7 Shift Cipher hello all hail ceasar If he had anything confidential to say, he wrote it in cipher, that is, by so changing the order of the letters of the alphabet, that not a word could be made out. If anyone wishes to decipher these, and get at their meaning, he must substitute the fourth letter of the alphabet, namely D, for A, and so with the others. — Suetonius, Life of Julius Caesar 56

8 Shift Cipher KHOOR DOO KDLO FHDVDU a b c d e f g h i j k l m n o p q r s t u v w x y z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C Key = 3 m  E (k,m) = c = m+k mod 26 c  D (k,c) = c-k mod 26

Possible Attacks Kerchoff’s Principle 1.Ciphertext only 2.Known plaintext 3.Chosen plaintext 4.Chosen ciphertext 9

Cryptanalysis of Shift Ciphers Number of keys = size of alphabet 1.Ciphertext only 1.Brute force 2.Look for most frequently occurring symbol 2.Known plaintext 1.m + k = c (mod 26) 3.Chosen plaintext k = c (mod 26) 4.Chosen ciphertext 1.m + k = 1 (mod 26) 10

11 Frequency Analysis en.wikipedia.org/wiki/Frequency_analysis_(cryptanalysis) scottbryce.com/cryptograms

War and Peace 12 3,223,402 Characters

freq.pl infile = file(filename,'r') freq = {} count = 0 for c in string.ascii_lowercase: freq[c] = 0 for line in infile: for c in line.lower(): if c.isalpha(): freq[c] = freq[c] + 1 count = count + 1 keys = freq.keys() keys.sort() for c in keys: print "freq[" + c + "] = ",float(freq[c])/count 13

14 Substitution Cipher NYVVZ JVV NJSV RYJDJC a b c d e f g h i j k l m n o p q r s t u v w x y z J E R M Y O H N S T U V W X Z A B C D F G I K L P Q Key – bijection from {0..25}  {0..25}: i   (i) m  E (k,m) = c =  (m) c  D (k,c) =  -1 (c)

Cryptanalysis of Substitution Ciphers Number of keys = n! where n is the size of the alphabet 1.Ciphertext only 1.Brute force (too expensive) 2.Frequency analysis 2.Known plaintext 1.m   (i) = c, for known (m,c). Partial permutation 3.Chosen plaintext 1.m   (i) = c, m = 0..n-1 4.Chosen ciphertext 1.  -1 (c)  m, c = 0..n-1 15

16 One Time Pad Pad = b 1  b n  {0,1}* chosen randomly m = m 1  m n –E (Pad,m) = c = m  Pad –D (Pad,c) = c  Pad = (m  Pad)  Pad = m  m,c Pr Pad [ E (Pad,m) = c] = 1/2 n –No information gained from seeing c –However, E (Pad,m)  E (Pad,m’) = m  m’